Privacy Policy - Summary

This Privacy Policy (the “Policy”) explains how Aspirant Analytics (“we”, “us”, “our”) may process your Personal Data for the purpose of using our Services. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy. Defined terms are given the meaning in Section 19.

For the purposes of this Policy, Aspirant Analytics is the Controller.

Many of the capitalised terms used in the Policy derive their meaning from defined terms in applicable data privacy law and we use those terms in the same way as they are used in applicable data privacy law. The definitions of the terms which are capitalised in this Policy are in Section 19 below. If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data carried out by us, or on our behalf, please contact our Data Protection Officer:
Hok-Him Poon
Aspirant Analytics
3rd Floor
8-9 Talbot Court
London
EC3V 0BP
United Kingdom
hokhim@aspirantanalytics.com

Collection of Personal Data

We may collect or obtain Personal Data about you: directly from you (e.g., where you contact us); in the
course of our relationship with you (e.g., if you subscribe to any of our Services); when you make your
Personal Data public (e.g., if you make a public post about us on social media); when you use any of our
Software; when you visit our Sites; when you register to use any of our Sites, Software, or Services. We
may also receive Personal Data about you from third parties (e.g. credit reference agencies and regulatory
bodies). See below for more detail on the way in which we collect your Personal Data.

Use of Cookies and other tracking technology

We may Process your Personal Data by placing or reading Cookies. We may use Cookies and/or similar tracking technology to: authenticate your identity, check your status, personalise the Service, ensure the security of our Sites, Software and Services and for analysis.

Creation of Personal Data

We may also create Personal Data about you, such as records of your interactions with us, and details of any Services agreed between you and us.

We may Process your Personal Data where: you have given your prior, express consent; the Processing is
necessary for a contract between you and us; the Processing is required by applicable law; or where we
have a valid legitimate interest in the Processing for the purpose of managing, operating or promoting our
business (and where that legitimate interest is not overridden by your interests, fundamental rights or
freedoms).

We do not seek to collect or otherwise Process your Sensitive Personal Data. Where we need to Process your Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.

Disclosure of Personal Data to Third Parties

We may disclose your Personal Data to: legal and regulatory authorities; our external advisors; our Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; any purchaser of our business; and any third party providers of advertising, plugins or content used on our Sites, or Software.

International Transfer of Personal Data

We may transfer your Personal Data within Aspirant Analytics, and to third parties as noted in Section 10, in connection with the purposes set out in this Policy. We may transfer your Personal Data for such reasons to other countries that are considered to be Adequate Jurisdictions - please note, this may mean these countries have different laws and data protection compliance requirements to those that apply in the country in which you are located.

Data security

We have appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.
The transmission of information via the internet is not completely secure given that it is an open system. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

Data Accuracy

We take reasonable steps to ensure that:

your Personal Data that we Process are accurate and, where necessary, kept up to date; and

any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay

From time to time we may ask you to confirm the accuracy of your Personal Data.

Data Minimisation

We take reasonable steps to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.

Data Retention

We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. However, the period of time for which we hold your Personal Data will vary depending upon the type of information and the reason why we Process it.
The criteria for determining the duration for which we will keep your Personal Data are as follows: we will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.

Your Legal Rights

Under applicable law, you may have a number of rights, including: the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. We may require proof of your identity before we can give effect to these rights.

Exercising Your Legal Rights

To exercise one or more of the legal rights in Section 16, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please contact our Data Protection Officer whose details are provided in Section 2.3. Please note that:

we may require proof of your identity before we can give effect to these rights; and

where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.

Terms of Service

All use of our Sites, our Software, or our Services is subject to our Terms of Service. We recommend that you review our Terms of Service regularly, in order to review any changes we might make from time to time.

Definitions

“Adequate Jurisdiction” a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.

“Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs and any other tracking devices.

“Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.

“Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.

“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

“Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).

“Relevant Personal Data” means Personal Data in respect of which we are the Controller. It expressly does not include Personal Data of which we are not the Controller.

“Services” means the services provided under any applicable agreement between Us and you which includes use of our Sites and/or Software.

“Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.

“Software” means any application, software or platform made available by us (including where we make such applications available via third party stores or marketplaces, or by any other means).

“Site” means any website operated, or maintained, by us or on our behalf.